The Complicated Relationship Between Innovation and Security

Banks and payment processors are dealing with an increasingly complex environment in the payments industry that is opening new opportunities for fraudsters.

While keeping up with the pace of innovation in consumer technology is a challenge in itself for many payments players, it also makes it more difficult for them to guarantee security, a panel of experts agreed at Visa’s 2013 Global Security Summit yesterday.

With the proliferation of new technologies -- particularly the many devices and operating systems at play in the mobile market -- innovation is creating more complexity in the payments landscape, providing more opportunities for fraudsters to do their dirty work, the experts said.

For instance, when a merchant starts accepting mobile transactions, they tend to get a measurable increase in fraudulent transactions, according to a survey of 1100 merchants by Javelin Strategy and Research. But surprisingly those fraudulent transactions don’t usually come from the mobile channel; instead fraudsters take advantage of the added complexity that the new mobile acceptance creates, and attack other areas, Javelin’s CEO Jim Van Dyke, who led the panel, explained.

But innovation has to go ahead in step with consumer demand, said Benoit Boudier, SVP of international sales for ROAM, a provider of mobile point of sale solutions. “Our job is to innovate; innovation can’t be stopped,” Benoit remarked. “We just have to build security into everything we do from the beginning.”

That imperative of building security into each and every innovation from the beginning is especially important because of the fast rate of consumer adoption that often greets new technologies, Dawn-Marie Hutchinson, the senior manager of IT security for Urban Outfitters, noted. “If you don’t bake in security from the start you could be starting a forest fire if a solution has a rapid rate of adoption,” she explained. “You have to think all along about what can the user do with a new technology that I don’t want them to do.”

But innovation is also opening up new opportunities to improve security, with new technologies like biometrics, some of the panel experts said. The Brazilian bank Banco Bradesco Cartoes, for instance, has introduced fingerprint readers for biometric authentication at its ATMs, the bank’s director of operations, Alexandre de Freitas Monteiro, said during the panel.

But banks and processors also have work to do on the back end to guarantee security in today’s increasingly complex security environment. Having complexity on the back end can damage security as well, particularly when it comes to data silos, which are common across many players in the industry. “There are a lot of big data challenges in the industry that are really technical problems,” said Alexandra Beyer, an analyst in Palantir Technologies’ IT security practice. “Integrating data in a unified environment to enable analysis is a major challenge for many banks.”

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

It's a difficult balancing act for banks when it comes to customer security. Customers are the worst offenders when it comes to security. They dislike too many password requirements, and they hate multi-factor authentication because it takes too long. Biometrics may eliminate some of the password and other security problems that customers unintentionally cause, but consumers don't like biometrics either (because of privacy concerns). No one ever said being a CISO was easy!

We see a related kind of tension/dilemma when it comes to the concept of customer experience and engagement. Even with more "relaxed" views of privacy that younger consumers (supposedly) have, banks and other financial services firms have to balance between the access, ease of navigation, real-time transactions and transparency that customers want & expect and the need to protect their information and verify their identities.

Good point. I've heard security experts point out that today's global fraud rings are themselves organized like businesses, not only in terms of access to technology but with management, policies, incentives, etc. So banks, merchants and others need to proceed understanding they are dealing with very organized and focused entities, not just a one-off curious or disgruntled person.

Very true, the unfortunate downside of technological innovation is that it's not just the good guys who are taking advantage of it. As the expert panel stated, the more cool mobile devices in the world that people love to use, the more avenues for fraudsters to attack.